HJT Log Help! (RESOLVED)

  1. #1
    Lex Luthor (Newbie)

    Hello everyone! My browsers (IE and Firefox) are running extremely slow for a cable modem. I've got no spyware on my computer because I scanned and deleted it all. It's clean for all I know. Here is my Hijack This Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:14:01 PM, on 5/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\WgaTray.exe
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    F:\Program Files\Yahoo!\Messenger\ypager.exe
    F:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    F:\Program Files\AIM\aim.exe
    F:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    F:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Documents and Settings\Administrator\Desktop\hijackthis(2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,npqkfjx.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [XPRepairPro2006] F:\Program Files\XPRepairPro2006\XPRepairPro.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = F:\Program Files\Scrapbook Designer\scrapremind.exe
    O4 - Global Startup: F-Secure 2006.lnk = F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - F:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...YYUS_undefined
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NetCache - F:\WINDOWS\system32\wRvemsp.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

  2. #2
    Neal (Dedicated Member)
    Welcome to DAl,


    You still got some bad things on your computer...


    Do this first:



    Please download Look2Me-Remover.exe by Atribune to your desktop.
    • Close all windows before continuing.
    • Double-click Look2Me-Remover.exe to run it.
    • Put a check next to Run this program as a task.
    • You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
    • When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    • Once it's done scanning, click the Remove L2M button.
    • You will receive a Done Scanning message, click OK.
    • When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
    • Your computer will then shutdown.
    • Turn your computer back on.
    • Please post the contents of C:\Look2Me-Remover.txt and a new HiJackThis log.
    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
    http://www.ascentive.com/support/new...b/MSWINSCK.OCX


    Then:


    Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose "Save as"; if using IE, "Save target as".)
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    • Download qoofix.bat (right-click on this link and choose "Save as"; if using IE, "Save target as")
    • Place qoofix.bat in your C:\BFU folder. (Important!)
    • Double-click qooFix.bat. Close all browsers and explorer folders.
    • Choose option 1 (Qoolfix autofix) and follow the prompts.
    • Please be patient, it will take about five minutes.
    • After the PC has restarted please post another hijackthis log.

  3. #3
    Lex Luthor (Newbie)
    Hi Neal, thank you for taking the time to help me out. The pictures in the browsers still take a long time to load.

    This is my HJT Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:20:20 PM, on 5/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE
    F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    F:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    F:\Program Files\Yahoo!\Messenger\ypager.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    F:\Program Files\AIM\aim.exe
    F:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    F:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Documents and Settings\Administrator\Desktop\hijackthis(2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [XPRepairPro2006] F:\Program Files\XPRepairPro2006\XPRepairPro.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = F:\Program Files\Scrapbook Designer\scrapremind.exe
    O4 - Global Startup: F-Secure 2006.lnk = F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - F:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...YYUS_undefined
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NetCache - F:\WINDOWS\system32\wRvemsp.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    This is my Look2Me-Destroyer.txt


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 5/26/2006 12:55:25 PM


    Attempting to delete infected files...

    Making registry repairs.


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{52FC377C-7958-44C2-8169-9581CC2429EF}"
    HKCR\Clsid\{52FC377C-7958-44C2-8169-9581CC2429EF}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded
    Last edited by Lex Luthor; 26-05-2006 at 07:30 PM.
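
Added example, not part of the original thread: a small Python script that parses HijackThis entries and diffs the log from post #1 against the one from post #3, so the entries that disappeared after the removal tools ran stand out. The function names (`parse_hjt`, `diff_logs`, `review_flags`) are hypothetical, the sample logs are excerpts of the two logs above, and the flags are prompts for a human reviewer, not verdicts.

```python
import re

# One HijackThis entry: a section code (R1, F2, O4, O20, ...), " - ", then the detail.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt of the 5/25/2006 log in post #1 (forum-inserted spaces removed).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,npqkfjx.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O20 - Winlogon Notify: NetCache - F:\WINDOWS\system32\wRvemsp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Excerpt of the 5/26/2006 log in post #3, taken after the removal tools ran.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: NetCache - F:\WINDOWS\system32\wRvemsp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""


def parse_hjt(text):
    """Return the (section, detail) pairs of a HijackThis log, in log order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in the earlier log, entries only in the later one."""
    old, new = parse_hjt(before), parse_hjt(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


def review_flags(entries):
    """Mark entries a helper would look at first; each flag is (section, reason)."""
    flags = []
    for section, detail in entries:
        if section == "F2" and "userinit=" in detail.lower():
            # The UserInit value is a comma-separated list of programs started at logon.
            value = detail.split("=", 1)[1]
            programs = [p.strip() for p in value.split(",") if p.strip()]
            extras = [p for p in programs if not p.lower().endswith("\\userinit.exe")]
            if extras:
                flags.append((section, "extra UserInit program: " + ", ".join(extras)))
        elif detail.endswith("(file missing)"):
            flags.append((section, "registered file not found on disk"))
    return flags


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    for section, reason in review_flags(parse_hjt(LOG_AFTER)):
        print("still flagged:", section, "-", reason)
```
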

  4. #4
    Neal (Dedicated Member)
    Hi and thanks.

    Look2Me didn't find anything, I was positive it was there.

    Qoologic trojan is gone now thanks to bruteforce.



    To clean your temp folder, recycle bin, etc., please download this free tool:

    CCleaner

    Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.
    Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.

    Then Reboot (Exit)


    Then:



    Please download, install, and update the NEW free version of Ewido trojan scanner:

    When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    From the main ewido screen, click on update in the left menu, then click the Start update button.

    After the update finishes (the status bar at the bottom will display "Update successful")

    Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

    If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

    Post the log Ewido makes back here please and a new hijackthis log. Thanks.

  5. #5
    Lex Luthor (Newbie)
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 4:51:48 PM, 5/26/2006
    + Report-Checksum: C73919FF

    + Scan result:

    HKU\S-1-5-21-117609710-299502267-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
    HKU\S-1-5-21-117609710-299502267-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup
    HKU\S-1-5-21-117609710-299502267-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\drsmartload1.0xe -> Downloader.Adload.ba : Cleaned with backup
    C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\RSInstaller.dll -> Adware.RedSwoosh : Cleaned with backup
    C:\WINDOWS\keyboard16.0xe -> Downloader.VB.zg : Cleaned with backup
    C:\WINDOWS\mousepad16.0xe -> Trojan.VB.ali : Cleaned with backup
    C:\WINDOWS\newname16.0xe -> Downloader.VB.vr : Cleaned with backup
    F:\Program Files\Common Files\wkfz\wkfzd\wkfzc.dll -> Adware.TargetServer : Cleaned with backup
    F:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
    F:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
    F:\WINDOWS\system32\repairs303169578.dll -> Adware.Surfside : Cleaned with backup
    F:\WINDOWS\VXNlcg\asappsrv.dll -> Adware.CommAd : Cleaned with backup


    ::Report End


    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 5:05:09 PM, on 5/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    F:\Program Files\ewido anti-malware\ewidoctrl.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    F:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    F:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    F:\Program Files\Yahoo!\Messenger\ypager.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    F:\Program Files\AIM\aim.exe
    F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    F:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    F:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\ewido anti-malware\SecuritySuite.exe
    F:\Documents and Settings\Administrator\Desktop\hijackthis(2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [XPRepairPro2006] F:\Program Files\XPRepairPro2006\XPRepairPro.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = F:\Program Files\Scrapbook Designer\scrapremind.exe
    O4 - Global Startup: F-Secure 2006.lnk = F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - F:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...YYUS_undefined
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

  6. #6
    Neal is offline Dedicated Member
    Hi, we are getting close.



    Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also..


    Also...




    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.

  7. #7
    Lex Luthor is offline Newbie
    BitDefender Online Scanner

    Scan report generated at: Sat, May 27, 2006 - 00:01:13
    Scan path: A:\;C:\;D:\;E:\;F:\;

    Statistics
    Time: 01:13:56
    Files: 417539
    Folders: 8013
    Boot Sectors: 4
    Archives: 3011
    Packed Files: 29878

    Results
    Identified Viruses: 1
    Infected Files: 2
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 4

    Engines Info
    Virus Definitions: 383328
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 40
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File - Status
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C00000.VBN=>(Quarantine-PE) - Detected with: Adware.Instafind.A
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C00000.VBN=>(Quarantine-PE) - Disinfection failed
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C00000.VBN=>(Quarantine-PE) - Deleted
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07680000.VBN=>(Quarantine-PE) - Detected with: Adware.Instafind.A
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07680000.VBN=>(Quarantine-PE) - Disinfection failed
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07680000.VBN=>(Quarantine-PE) - Deleted

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:07:10 AM, on 5/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    F:\Program Files\ewido anti-malware\ewidoctrl.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    F:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    F:\Program Files\Yahoo!\Messenger\ypager.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    F:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    F:\Program Files\AIM\aim.exe
    F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    F:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    F:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    F:\WINDOWS\system32\svchost.exe
    F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup .0001
    F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup .0001
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\WINDOWS\system32\wscntfy.exe
    F:\Documents and Settings\Administrator\Desktop\hijackthis(2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [XPRepairPro2006] F:\Program Files\XPRepairPro2006\XPRepairPro.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = F:\Program Files\Scrapbook Designer\scrapremind.exe
    O4 - Global Startup: F-Secure 2006.lnk = F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - F:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...YYUS_undefined
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
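
Added example, not part of the original thread: when a helper asks for a fresh HijackThis log, the useful question is what changed between the two scans. The Python sketch below parses entry lines and diffs two logs; `parse_hjt` and `diff_logs` are hypothetical names, and the sample text is a handful of lines excerpted from the two logs posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text missing")

# Entry lines start with a section code such as R1, O4 or O23 followed by " - ".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpts of the two logs in this thread, trimmed to a few lines each.
BEFORE = r"""
    F:\WINDOWS\Explorer.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""
AFTER = r"""
    F:\WINDOWS\Explorer.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

def parse_hjt(log_text):
    """Return the entry lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, text = m.groups()
            entries.append(Entry(code, text, text.endswith("(file missing)")))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entries, compared case-insensitively."""
    key = lambda e: (e.code, e.text.lower())
    b = {key(e): e for e in parse_hjt(before)}
    a = {key(e): e for e in parse_hjt(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("gone :", e.code, "-", e.text)
    for e in added:
        print("new  :", e.code, "-", e.text)
    for e in parse_hjt(AFTER):
        if e.missing:
            print("stale:", e.code, "-", e.text)
```

On these excerpts the new O9 and O16 entries are the ones left behind by the BitDefender online scanner itself, which is why a diff is easier to read than two full logs side by side.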

  8. #8
    Neal is offline Dedicated Member
    Hi,


    Also...




    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.
    Thanks.

  9. #9
    Lex Luthor is offline Newbie
    Whoops, I'm sorry.

    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0.7
    Adobe Stock Photos 1.0
    Aironet Client Utility
    AOL Instant Messenger
    AVD Video Processor 7.2
    BitComet 0.57
    CCleaner (remove only)
    CEP3 - Color Enable Package 3
    Creating Keepsakes Scrapbook Designer
    DivX
    DivX Player
    DivX Web Player
    ewido anti-malware
    F-Secure Anti-Virus 2006
    HijackThis 1.99.1
    iPod for Windows 2005-10-12
    iPod for Windows 2006-01-10
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    LimeWire PRO 4.10.0
    Macromedia Flash Player 8
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Office XP Professional with FrontPage
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox (1.5)
    MSN Messenger 7.5
    Nero 7 Ultra Edition
    NVIDIA PureVideo Decoder
    QuickTime
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Shockwave
    Spybot - Search & Destroy 1.4
    StyleXP (remove only)
    The Sims 2
    The Sims 2 Nightlife
    The Sims 2 University
    TSR Installation Wizard
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    VIA Rhine-Family Fast Ethernet Adapter
    VideoLAN VLC media player 0.8.4a
    WinAce Archiver
    Winamp (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinMPG VideoConvert 6.2
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger

  10. #10
    Neal is offline Dedicated Member
    Thanks,


    Run HijackThis, click the Scan button, and put a check next to this:

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...4YYUS_undefined


    You really should remove LimeWire PRO 4.10.0, there are other alternatives that don't come bundled with junk.

    See here:

    http://www.spywareinfo.com/articles/p2p/#limewire


    Although your Java is up to date, you should remove Update 3 from Add/Remove; with that there, it makes you vulnerable to attack. If you have trouble removing it, you may have to remove it entirely and re-install Sun Java.

    Just in case:

    Sun Java


    How is your computer behaving now?
    Last edited by Neal; 27-05-2006 at 11:01 PM.
